Re: ATC

ActiveTrust Endpoints need to be able to resolve “csp.infoblox.com” and establish connection over TCP Port 443 with the Resolved IP’s for the initial authentication, apart from this you would have to allow communication over TCP Port 443 to ATC’s anycast IP “52.119.40.100”.

To ensure that the Policies configured for your On-Prem are mirrored to your ATEP Users, you need to ensure that your Endpoint Groups are a part of the same Security Policy as your On-Prem Network, you do not need any additional license for this. If your On-Prem Clients are using AT Feeds, ensure that the Security Policy of your Endpoint Groups have the same Feeds are set to block as the On-Prem.